[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re[some tuple]: Digital Signature Laws (was Re: KISS for PKIX)

To: TeamDaguio@xxxxxxx
Subject: Re[some tuple]: Digital Signature Laws (was Re: KISS for PKIX)
From: "Zmudzinski, Tom" <zmudzint@xxxxxxxxxxxx>
Date: Mon, 19 Jul 1999 09:59:05 -0400
Cc: jtardo@xxxxxxxxxxxx, Eric_Guerrino@xxxxxxxxxxxxxxxxxxxx, kent@xxxxxxxxxxx, ietf-pkix@xxxxxxx

			Kawika Daguio <TeamDaguio@aol.com> on 07/18/99 02:00
AM
			> Eric <Eric_Guerrino@lnotes5.bankofny.com>,
			> 
			> There are a number of bills that have been
introduced at the federal level 
			> that are interesting, but passage of any will be a
major challenge.  One of 
			> the problems that we face in passing a uniform
federal digital signature 
			> law is that those of us (interest groups and
lobbyists and their allies in 
			> the legislatures) who have significantly
overlapping common interests are 
			> constantly divided while focusing on disputing the
narrow issues that 
			> separate us.   I expect to see a bill of some kind
become law this year.   
			> A fully outlined legal infrastructure will develop
over the next few years, but 
			> those of us who have or represent business that
require industrial strength 
			> technical and legal infrastructures cannot wait
even a year for some measure 
			> of legal certainty to be attached to
electronically authenticated agreements.

			Delurking: Yes, and people in Heck want Gaitoraid.
You want a law, go ahead and write one.  Any reasonably clean, blank sheet
of paper will do.  It will have as much force as anything Congress passes
UNTIL THERE IS SOME CASE LAW TO BACK IT UP.  This is a point most people
never grasp: any law is nothing but a bunch of words until someone forces
the issue.  [Part of the reason Robert Morris (the Internet Worm case) was
tried under P.L. 100-235 (the Computer Security Act of 1987) vice the
earlier Computer Security Act of 1984 was that the Government's legal
beagles wanted to establish CASE LAW.  The case against Morris under the
earlier law was open & shut (no requirement to prove intent) but the 1987
law (which does require proof of intent) was much stronger.]  Once the issue
is forced, sometimes you win, sometimes you lose.  [Consider the Scopes
"Monkey Trial" wherein John Thomas Scopes volunteered to test Tennessee's
law against teaching Evolution and Tennessee obligingly found him guilty.]
But without case law, you're playing in a minefield where some of the mines
will go off if you touch them and some will go off if you don't.  It's not
that I'm disagreeing with you that we need "some measure of legal certainty"
(in fact I've been crying for that for nearly ten years!), but we're just
not going to get it soon.  The only mitigation I can suggest is for you to
make certain that YOUR legal beagles (1) are aware of what you're doing and
(2) participate in the ABA Information Security Committee.  Otherwise you're
back in that minefield but with a malfunctioning mine detector.

			[snip]


			v/r
			Tom Zmudzinski, CISSP
			(703) 681-9089 [DSN 761]
			zmudzint@ncr.disa.mil

Occasional grammatical or spelling variations are inherent to 
this thesis and should not be considered as defects, as they 
enhance the individuality and character of this document.

Prev by Date: RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Next by Date: RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Previous by thread: I-D ACTION:draft-ietf-pkix-cmc-05.txt
Next by thread: RE: KISS for PKIX. (Was: RE: ASN.1 vs XML (used to be RE: I-D ACTION :draft-ietf-pkix-scvp- 00.txt))
Index(es):
- Date
- Thread